OpenAI ChatGPT
More than 100,000 ChatGPT accounts have been compromised by malware, according to a cybersecurity company. Pixabay

More than a whopping 100,000 ChatGPT accounts have reportedly been compromised and are being sold on the dark web. In other words, the credentials and contents of chat histories of these leaked accounts are now up for sale and can be accessed by anyone willing to pay top dollar.

OpenAI, the company behind the popular ChatGPT AI bot, has been leaving no stone unturned in a bid to enhance its AI tool. In line with this, the American artificial intelligence company recently rolled out a major update to improve ChatGPT on iPad and add support for Siri.

Compromised ChatGPT accounts discovered

Unsurprisingly, OpenAI's AI bot has garnered huge popularity in the last few months. Much to the chagrin of the chatbot's casual users, Singapore-based cybersecurity company Group-IB recently discovered over 100,000 compromised ChatGPT accounts on the dark web marketplaces.

The leaked ChatGPT credentials were found inside logs coming from Raccoon, which is a malware program that steals private data from infected computers. The company discovered 101,134 stealer-infected devices, which had saved ChatGPT credentials. So, what does this mean for an average user?

After getting access to the compromised accounts, hackers will be able to see chats users stored online. As a result, bad actors will gain access to any personal information or company trade secrets you may have entered in your prompts to ChatGPT. According to Group-IB, the Raccoon malware breached a considerable number of logs containing the ChatGPT accounts.

Bad actors prefer using Raccoon info stealer since it doesn't require a lot of coding experience to operate. Some cybercriminals have even developed fake ChatGPT apps that trick users to pay for expensive subscriptions. Just like trojans, info stealers are malware that are designed to collect credentials from emails, browsers, and instant messengers.

After collecting credentials, info stealers send all this information to the malware operator. The cybersecurity firm says the number of compromised ChatGPT accounts it continues to find is a major sign that ChatGPT has gained skyrocketing popularity around the world. Notably, Group-IB started finding stealer logs with compromised data back in June 2022.

According to a Tom's Guide report, the cybersecurity company managed to find 74 of them. While ChatGPT3 was already in existence at the time, the AI tool wasn't widely released to the public. Six months after the highly-anticipated ChatGPT launch on November 30, the company identified 26,802 stealer logs with compromised data.

During this study period, the Asia-Pacific region topped the list of ChatGPT account credentials stolen by info stealers. India, Pakistan, and Brazil were affected the most, while the US was in sixth place on the list. Also, Bangladesh, Indonesia, Morocco, France, Egypt, and Vietnam are among the countries with the most compromised ChatGPT credentials.

OpenAI told The Hacker News in a statement that the accounts were compromised because people's devices had malware. So, the company claims this wasn't an OpenAI breach. Nevertheless, OpenAI confirmed that it is investigating the exposed accounts.

How to stay safe using OpenAI's ChatGPT?

The usual security practices apply when it comes to preventing your accounts from being leaked online. First, set a strong password and change it regularly. In addition to this, Group-IB says users should enable 2FA (Two Factor Authentication). When 2FA is enabled, you will receive an additional security code to log into your account.

Regrettably, a blog post on OpenAI's official website claims the new 2FA and multifactor authentication enrollments have been temporarily paused. Alternatively, you can stop cybercriminals from breaking in and stealing your data by using a VPN (Virtual Private Network). To those unaware, VPN is a service that hides your actual public IP address, while tunneling the traffic between your device and the remote server.

It is also no secret that you should avoid inserting private information in your ChatGPT prompts. However, if you've already done it, you can consider clearing your chat history. Also, you can turn the feature that saves your chats on the AI tool off. Lastly, you need to ensure you have antivirus software installed on your PC and an Android antivirus app on your Android devices.